CVE-2009-4248

Name of the Vulnerable Software and Affected Versions RealPlayer versions 10 through 11.0.4 RealPlayer 10.5 versions 6.0.12.1040 through 6.0.12.1741 RealPlayer Enterprise (affected versions not specified) Mac RealPlayer versions 10 and 10.1 Linux RealPlayer version 10 Helix Player versions 10.x

Description The issue is related to a buffer overflow in the RTSPProtocol::HandleSetParameterRequest function, which can be triggered by a crafted RTSP SET PARAMETER request. This could lead to a denial of service, causing the application to crash, or possibly allow the execution of arbitrary code. The estimated number of potentially affected devices and details about real-world incidents are not provided.

Recommendations For RealPlayer versions 10 through 11.0.4, consider disabling the RTSPProtocol::HandleSetParameterRequest function until a patch is available. For RealPlayer 10.5 versions 6.0.12.1040 through 6.0.12.1741, restrict access to the RTSP SET PARAMETER request to minimize the risk of exploitation. For RealPlayer Enterprise, Mac RealPlayer versions 10 and 10.1, Linux RealPlayer version 10, and Helix Player versions 10.x, at the moment, there is no information about a newer version that contains a fix for this issue.